Privacy

Resolved lovre
(@lovre)

9 months, 2 weeks ago

Is it possible to remove ‘https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.0.6/purify.min.js’ from plugin.php? Not a single webisite that I own or maintain have 3rd party cookies so this is a bit concerning since I guarantee maximum privacy. There are 12 websites with Royal Elementor plugin, mostly paid version, so I have to remove or disable cdnjs.cloudflare.com from loading or find and another plugin.
Thx

Viewing 8 replies - 1 through 8 (of 8 total)

Plugin Contributor Givi WP Royal Support
(@ggedenidze1982)

9 months, 1 week ago

Hi,
First, thank you for choosing our Theme and Plugin.

Could you please elaborate on the matter further? Could you please specify which file and on which line you found it? Thank you so much for your attention and participation.

Kind Regards,
Givi

Thread Starter lovre
(@lovre)

9 months, 1 week ago

Hi, it’s in plugin.php under “Register DOMPurify”, line 546 (‘https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.0.6/purify.min.js’) loading third-party request (Cloudflare analytics). I’ve tried to delete that line but then Post Grid and other widget aren’t loading. Both me and my customers want maximum privacy and no tracking so there are no third-party requests on other websites where your addon is not installed.
TY

Thread Starter lovre
(@lovre)

9 months, 1 week ago

*One website is also loading “https://cdn.canvasjs.com/canvasjs.min.js” located in plugins/royal-elementor-addons/assets/css/lib/animations/text-animations.min.css although there are no animations on the website

Plugin Contributor Givi WP Royal Support
(@ggedenidze1982)

9 months, 1 week ago

Hi again,

Unfortunately, I cannot help you in this case. I apologize for the situation and thank you for your understanding and cooperation.

Kind Regrads

Givi

Thread Starter lovre
(@lovre)

9 months, 1 week ago

I’ve managed to remove third party cookie (cdnjs.cloudflare.com), nothing is broken but since DOMPurify 3.0.6. is extremely vulnerable (CVE-2024-47875) you should do something about it or abandon DOMPurify which is added in last two versions of your plugin (1.7.1029 and 1.7.1030)

*cdn.canvasjs.com has nothing to do with Royal Elementor Addons, my mistake because it was problem with cache

Plugin Contributor George
(@rubeushagrid13)

9 months ago

Hi again,

We’ve updated it to latest version and update will solve all of the issues.
Totally removing it will cause some js bugs across our widgets.

Kind regards,
George

Thread Starter lovre
(@lovre)

9 months ago

I know, tested it. Since your plugin is great and offers great features even in free version, after updates will apply my “fix” to remove cdnjs.cloudflare.com since my clients nor me use Cloudflare service.
Thank you, keep up the good work

Plugin Contributor George
(@rubeushagrid13)

9 months ago

Hi again

In the next update it will be included in plugin directly without loading from cdn so you can ignore custom fix you used before, hope we’ll release it very soon

Kind regards,
George

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘Privacy’ is closed to new replies.